Archive

Before I go further I need to offer thanks to three sources. Firstly, to Monica Horten at the excellent IPtegrity blog who saw the connection. Secondly to the genius of Richard O’Brien who penned such a prescient prophecy. And thirdly to the authors of ACTA, without whom – well, I wish we were without whom.

The story reported by Monica is the jump to the left in the European Parliament (socialist rapporteur says he recommends that ACTA be rejected) followed by the step to the right (EPP Sarkozy-ite delays things to buy more time for the rightsholder lobbyists to regroup) – and it was Monica who made the connection with Richard O’Brien. (I’ve reported the ‘news’ side of this story on Infosecurity Mag) “ACTA: EU Parliament takes a step to the right,” is Monica’s headline. “It took a jump to the left…” is the first line.

“It’s just a jump to the left And then a step to the right” is the source in Richard O’Brien’s phenomenal Time Warp song from The Rocky Horror Picture Show. What I hadn’t realised is quite how accurate those lyrics turn out to be.

Hollywood/government lays out its intention for the internet: It’s astounding, time is fleeting – Madness takes its toll – But listen closely, not for very much longer – I’ve got to keep control

But users are lost in their own, innocent, dreamy vision of the internet: It’s so dreamy, oh fantasy free me – So you can’t see me, no not at all

This is such a romantic view of freedom and the internet! But Hollywood/government responds: In another dimension, with voyeuristic intention – Well-secluded, I see all – With a bit of a mind flip – You’re there in the time slip – And nothing can ever be the same

This is O’Brien at his most prophetic. Hollywood/government wishes, from a hidden point of view, to see everything that happens on the internet. And once they succeed, nothing will ever be the same again.

O’Brien goes on to foretell what will happen. The user concludes: Well I was walking down the street just a-having a think – When a snake of a guy gave me an evil wink – He shook me up, he took me by surprise – He had a pickup truck and the devil’s eyes. – He stared at me and I felt a change – Time meant nothing, never would again.

Hollywood/government wins. The Time Warp itself? They will just keep cycling round in a time warp, time and time again, until they succeed. Just beware when that snake of a guy gives you an evil wink – and make sure you never vote for him again!

Back in February I commented on David Harley’s blogs on the Association of Chief Police Officers (ACPO) National Cyber Crime Conference. David attended as a speaker. He blogged afterwards, “The constantly recurring conference theme of working with other sectors rather than using them purely as an information feed into a black box, seems a more positive approach.”

At the end of my post I said:

Incidentally, I have asked for reports from the conference, but been told that “There will not be an output report from this event but a brief summary will be available in the next week or so.” Well that’s a good start for a two-way information exchange.

I finally received the brief summary today, more than two months later. Here it is in full:

Due to the confidential nature of the discussions which took place as part of this conference, Forum members have made the decision not to publish this to a wider audience.

Well, I’ve said it before, but I’ll say it again. The police have no right to be secretive about how they police. They should be more open – they are, after all, our servants. I am a firm supporter of elected chiefs of police and the abolition of this unaccountable, self-fulfilling, private company funded by private donations and public money that is known as ACPO. It’s time they went.

Infosecurity Europe is over for another year. If you weren’t there, well I just suggest you make sure you get there next year. Meantime, here’s my take on a couple of the announcements and almost all of the keynote sessions:

Trustworthy Internet Movement Launches Pulse Tracker
The problem, says Pulse, is that we are telling users that this site has SSL, so it’s secure. That’s not necessarily true. We are promulgating a false sense of security, and we need to fix that.
25 April 2012

Infosecurity Europe 2012: The insider threat – is it real?
While the primary security stance faces outwards and is designed to keep hackers and malware outside of the system, organizations are increasingly aware that their own staff are also a potential – and in some cases an active – threat.
27 April 2012

CISPA, the Cyber Intelligence Sharing and Protection Act, was rushed through the House of Representatives on Thursday last week. It was passed by 248 votes to 168. On the previous day, Wednesday, President Obama – or more specifically, the Office of Management and Budget – warned that he would veto the bill: “Legislation should address core critical infrastructure vulnerabilities without sacrificing the fundamental values of privacy and civil liberties for our citizens… for the reasons stated herein, if H.R. 3523 were presented to the President, his senior advisors would recommend that he veto the bill.”

Doesn’t mean he will veto the bill. Guantanamo? NDAA?

It’s a possibility not lost on Anonymous. On Friday it issued its own citizen call to arms. It’s not asking for the usual DDoS attack – at least not yet, because it’s not clear who would need to be attacked, but it does say:

President Obama has already stated that he will veto the bill, but this is also what was said about NDAA.

Anonymous’ call is:

We have defeated previous attempts to censor our only platform of true honest communication, the internet. SOPA was only the beginning.

Sign petitions, call your congressmen, and kill this act in the senate.

As a foreign observer I would say that one thing is very clear about CISPA: it is being sold to the American public on a tissue of lies, misconceptions, misleading claims and overarching FUD. It will do nothing to prevent terrorism. It will do nothing to curtail crime. But it will allow both US law enforcement and the entertainment industry to legally spy on the private and legitimate communications of both innocent US citizens and everyone else anywhere in the world. A specific misleading endorsement? Joel Kaplan, Vice President-U.S. Public Policy, Facebook, wrote:

Importantly, HR 3523 would impose no new obligations on us to share data with anyone – and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users’ private information, just as we do today [my ironic emphasis].

If the American citizen can expect the same from the US government as the Facebook user can from Facebook, then expect your personal data to be covertly extracted and sold to the highest bidder. It’s time to listen to those great advocates of US free speech: ACLU, EFF, CDT and, I have to say, Anonymous.

I see T-Mobile is at it again. I wanted to have a look at the Ardagh Group. The little I could get was from the Google search blurb: “Ardagh Group is a leading packaging business operating 88 facilities in metal, glass and technology across 25 countries. We employ 14100 people, produce in …” After that, T-Mobile blocked any further access, saying that the content was unsuitable for children.

T-Bloody-Mobile's bloody child bloody block

There’s a number of points here. Firstly, I would like to thank T-Mobile for suggesting that I am under eighteen. Secondly, I suggest that the Ardagh Group sues the arse off T-Mobile because I was about to place a £££multi-billion order with them – and now I can’t. And thirdly, I’d like to suggest that T-Mobile reconsiders the stupidity of its actions.

I have only ever paid for the service by card. They already have my card details. They know from their own records that I am actually 23.

But look at what they want to unblock the Ardagh Group and grant me access to this pornographic, paedophiliac, money laundering, drug running haven of unspeakable depravity: credit card details, not debit card details. I don’t have a bloody credit card. I only ever use a bloody debit card. How TF am I going to prove to them what they already know when they won’t accept the proof they already have?

I dislike infographics. Nine times out of ten they are a betrayal. When they appear on the author’s website, one time out of ten, they’re fine. When they’re sent to me with the invitation that my blog readers will be interested, they’re a con; and I dislike them almost as much as I dislike the people who send them.

I got another yesterday. The covering letter said:

“Don’t be evil.” Google’s unofficial corporate motto was originally adopted as company-wide belief as well as a jab to its competitors. However, Google has come a long way since it was incorporated in 1998. Can we still trust Google to do no evil? There is increasing evidence to suggest that the answer is ‘no’. Please check out our infographic on Google to learn more and please feel free to reuse it on Kevin Townsend using the embed code provided at the link.

Of course we can’t trust Google. We can’t trust anyone or anything on the internet. What we do is try to understand the issues and act within the level of risk we are prepared to take. But many of us still don’t realise how much data Google has on us – so a nice graphic explanation sounds appealing. I had a look.

It starts with the same paragraph that was used in the email. It ends with “Or you can simply quit using Google products altogether…”

But it was sent to me by anothermarketingconman@gmail.com – clearly someone who believes in what he preaches. And then you see the purpose of this con: the advert for the author of the infographic. Sending these infographics to bloggers in order to get free advertising is a con; and a betrayal of the true purpose of infographics.

Nevertheless, I had a look at the advertiser. Would you believe it? Background checks. “Background checks can be a great way to ensure the safety of your family, home, and employees. You can use them to look up information about an individual’s criminal, financial, and educational history, and then use that information to make an informed decision about that individual’s character and trustworthiness.” Here’s a company effectively complaining about the private information gathered by Google saying ‘we can get you more.’

(ISC)² launches its new EMEA advisory board
In a move designed to offer genuine hands-on security experience to EMEA’s different security initiatives, professional body (ISC)² has launched a new Advisory Board for Europe, the Middle East and Africa (EAB).
18 April 2012

Dutch Pirate Party forced to take its Pirate Bay proxy off-line
In a move that will be monitored by the UK’s music industry association (BPI), its Dutch equivalent BREIN (translates as ‘Brain’) has obtained a court injunction forcing the political party, the Pirate Party, to take down the proxy site that was allowing users to continue using the blocked Pirate Bay (TPB).
16 April 2012

City trader fined £450,000 by the FSA
“For the reasons given in this Notice…”, says an FSA Decision Notice, “…the FSA has decided to impose on Mr Ian Charles Hannam a financial penalty of £450,000.”
13 April 2012

Smartphones are still firmly ‘enterprise-unready’
Research by Altimeter Group, Bloor Research and Trend Micro shows that the ‘consumer marketing’ legacy of many smartphones makes them ill-equipped to meet enterprise security demands.
11 April 2012

DHS gets California company to hack game consoles
In a project that started from law enforcement agencies’ request to the US Department of Homeland Security (DHS), which was then farmed out to the US Navy, Obscure Technologies of California has been awarded a contract to find ways of hacking game consoles.
11 April 2012

Real-time data mining comes to Twitter
Twitter is usually described as a micro-blogging social network. To many who monitor its ‘trending topics’ it is also an early warning news service, frequently pointing users to breaking news before the traditional news media reports it.
10 April 2012

What an Englishman does in bed
Companies that monitor the end point behavior of their remote workers will have to start monitoring their (internet) behavior in bed. That at least is the inference to be drawn from a new street survey conducted by Infosecurity Europe.
10 April 2012